Five Password Strategies Every Professional Must Follow

Hacking into someone’s business or email account by guessing their password is the most classic form of hacking. Even though there are way more high tech forms of data breaches available to cyber criminals out there these days, that old standby will always exist.

We are always shocked at how many people, including executives, break the cardinal rules of strong passwords. A lot of them are perfectly aware that their passwords are weak too, it’s just that they think that no one is going to take the time to guess their password. If you work for a business that holds confidential personal and financial information, someone will take the time to guess your password.

If you have a weak password, it’s only a matter of time before somebody breaks through, which is why we’ve compiled a checklist of items you must follow to know that you won’t be next.

Easy to remember, hard to guess

Passwords, even if they are longer than eight characters, that use words found in the dictionary are much easier to hack than using a seemingly random order of numbers. Try using an anagram for a phrase that you can easily remember as a password. For example, “My dog Lucy turns 7-years-old in September, 2018” would translate to MdLt#7YOiS2018. For added security, substitute letters for symbols that look similar ($ for S, 1 for I, @ for A).

Don’t use one password for everything

If a hacker finds out your username and password for one application, you better believe they are going to try the same combination for every email, bank and retail service they can find. It’s annoying enough to reset one password after finding out your password may have been compromised or the website you have an account on experienced a data breach, but don’t subject yourself to having to reset every password, use different passwords for your important accounts.

Don’t let your password get out in the open

This means don’t write down your password on a sticky note and leave it on your desk, and don’t tell or email your password to anyone, even a trusted friend or coworker. People make mistakes, and it doesn’t take much for the wrong person to overhear someone accidentally divulge your password. Unfortunately, friends and coworkers can become ex-friends and ex-coworkers too, and people hold grudges.

Two-factor authentication is your best friend

What two-factor authentication means is that whenever you log into a computer or device that the application is not used to seeing you log in from, it will send a code to one of your other devices (typically your phone) that you will have to punch in to successfully log in. This is a great security measure that we recommend to everyone. If a hacker were to try to log into your email from their own laptop, they would not be able to break through because they wouldn’t have the code that was sent to your phone. They would need to physically have your phone, and the password to your phone to see the text, to access your email.

Be careful of your security questions

Some hacks are done not because the password was guessed, but because they were able to successfully guess your security questions to reset the password. A lot of security questions are simple queries like “Where did you go to High School?” and “What is your mother’s maiden name?” While they may seem like personal questions only you would know the answer to, the hackers might be able to get that information by looking through your social media. Maybe you tweeted about going to your high school reunion, or posted a Throwback Thursday image of your mom in her younger days. Don’t forget, like in item number three, sometimes a hacker might be an angry ex-friend or coworker who knows you personally!

Did you know?

TOSS C3 has specific applications that add extra layers of security when having a strong password just isn’t enough to put your mind at ease. One of these products, SecureLogin-2FA, is two-factor authentication that will keep your company and data completely safe. To learn about these products, as well as our other cloud services, please visit our website.